marp-slide-reviewer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted data (local/external slide content) and possesses the capability to modify local files.
    • Ingestion Points: SKILL.md (Workflow Steps 3 and 4) specifies reading local .md files and accessing localhost URLs.
    • Capability Inventory: File reading/writing (Markdown editing), web navigation, and screenshot capture.
    • Boundary Markers: None. The agent does not use delimiters to isolate untrusted slide content from its instructions.
    • Sanitization: None. There is no validation to prevent embedded instructions in the Markdown from being executed during the 'fix' phase.
  • [Data Exposure] (MEDIUM): The skill targets localhost and local file paths, creating an internal reconnaissance risk.
    • Evidence: SKILL.md Steps 1 and 2.
    • Risk: An attacker providing a crafted local URL could use the agent's screenshot capability to exfiltrate visual data from other sensitive local services or private files.
  • [External References] (LOW): The skill references an external repository for implementation.
    • Evidence: Reference to github.com/anthropics/anthropic-cookbook.
    • Status: Downgraded to LOW/INFO per [TRUST-SCOPE-RULE] as anthropics is a verified trusted organization.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:29 AM